We cannot have good security if we do not know who is supposed to do what. Good security therefore begins with a detailed registration process that records comprehensive information about each user and about the connections they approve.

In the past, the many Value Added Networks each used different communication methods or languages. They all adopted a common communication language and became Internet Service Providers, but they did not adopt a common network management structure. This architecture provides a common network management structure that all ISPs can adopt.

Anything that can be recorded electronically can be delivered electronically. That phrase originated in 1980 and was the basis for the architecture and business model that became the IBM Information Network business model in 1984 and the Internet business model in 1988.

The Internet is, to a limited degree, an intelligent operating network. Information about the network’s devices is organized and shared across ISPs. However, detailed information about users and other non-network things is scattered across disorganized, distributed databases, which makes the Internet itself a disorganized distributed database. When the network management functions are structured, information about people and businesses will be organized so that security and ease of use are realized by default.

Security, ease of use and revenue come from a registration system that feeds an inventory, which in turn controls usage and provides reports. Consolidated management functions allow both businesses and individuals to control their information.

When the management organization process is completed:
- All users and destinations are properly registered using a common registration process.
- All users and destinations have a secure ID vault that they use to control their access.
- Information owners control their information using their access vault.
- Access is granted through owner-approved trading partner registration.
- All applications are registered and approved by the device owner.
- All trace or tracking applications are registered and approved by the user.
- Cookies or similar mechanisms are NOT allowed on any device. A substitute for cookies is acceptable.
- An instruction in an email to execute an application can only invoke a previously installed application, and the user must be notified and allowed to approve the application initiation.

Cyber attack display and prevention:

A cyber attack is an unauthorized connection attempt between electronic devices. To determine whether a connection attempt is unauthorized, the information about all authorized connections must already have been recorded electronically.

The very best display tool cannot display information that is not recorded electronically. Once the information is recorded, virtually any display tool can present it. The issue is deciding what information gets recorded, and how.

Information about an attack has three phases:
- planning before the event,
- execution during the event,
- activity after the event.

It is good to display or report information about attacks that happened in the past. It is best to display information about attempts while they are in progress and being prevented.

The issue for displaying any information is to get it recorded and then reported electronically:
- Recording information about authorized connections requires each user and application to be completely and accurately registered.
- Once they are registered, communication partner agreements can be established.
- Any attempt to establish a connection is compared against the approved tables or lists.
- Any attempt that does not match the approved list is an attack attempt.
- That attack attempt can be prevented and displayed in real time, and later in reports.
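The check and record-keeping described in the list above, as an added example written for this page (it is not code from the architecture or its author). The approved partner table, the addresses and the attempts are constructed sample data, and the two-attempt threshold for flagging a repeat source is an assumption. One caveat to keep in mind: a pure allowlist cannot tell a legitimate partner that has not registered yet from an attacker, so the registration path itself has to be protected.

```python
"""Added example: connection attempts compared against the recorded list of
approved communication partners. Unmatched attempts are blocked, displayed
in real time, and kept in the same record that later reports are built from.
The approved table, addresses and attempts are constructed sample data."""
from collections import Counter
from datetime import datetime, timezone

REPEAT_THRESHOLD = 2   # assumption: flag a source after this many blocked attempts


class ConnectionMonitor:
    def __init__(self, approved):
        # approved: {real bit address: shorthand name}, as recorded at registration
        self.approved = dict(approved)
        self.events = []   # the electronic record that any display tool can read

    def attempt(self, src_address, dst_address, when=None):
        """Classify one connection attempt; anything not in the approved
        table is an attack attempt and is prevented."""
        when = when or datetime.now(timezone.utc)
        partner = self.approved.get(src_address)
        authorized = partner is not None
        event = {
            "time": when.isoformat(),
            "src": src_address,
            "dst": dst_address,
            "partner": partner,
            "authorized": authorized,
        }
        self.events.append(event)
        if not authorized:
            # real-time display while the attempt is being prevented
            print(f"[{event['time']}] BLOCKED {src_address} -> {dst_address}: "
                  "source is not an approved communication partner")
        return authorized

    def report(self):
        """After-the-event report built from the same record."""
        blocked = [e for e in self.events if not e["authorized"]]
        by_source = Counter(e["src"] for e in blocked)
        return {
            "authorized": len(self.events) - len(blocked),
            "blocked": len(blocked),
            "blocked_by_source": dict(by_source),
            # sources that keep trying are the ones to look at first
            "repeat_sources": [s for s, n in by_source.items() if n >= REPEAT_THRESHOLD],
        }


def demo():
    """Constructed run: two approved partners, four attempts at the user's device."""
    monitor = ConnectionMonitor({"0x1a2b": "store@example.what",
                                 "0x3c4d": "bank@example.what"})
    attempts = [("0x1a2b", "0xd0d0"),   # approved store
                ("0xdead", "0xd0d0"),   # unknown source, first probe
                ("0xdead", "0xd0d0"),   # same source again
                ("0xbeef", "0xd0d0")]   # another unknown source
    verdicts = [monitor.attempt(src, dst) for src, dst in attempts]
    return verdicts, monitor.report()


if __name__ == "__main__":
    print(demo())
```

The same `events` list serves both the real-time display (the print while blocking) and the later report, which is the point of the paragraph: record once, then any tool can show it.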

To further reduce attacks, the operating system should: 1) not allow code in a file or email to execute with just the press of a key, and 2) not allow an application to execute code that is not a resident part of the existing installed code. The operating system should always display a warning that an application is requesting to run or to be installed. An email or file of any type should only be able to request that an existing installed application display the information in the file or email.

The detailed registration and reporting process is defined later.

NOTE: Before code was installed on machines to allow remote installation of code or remote control of the computer, there was no way for an outside party to take over a computer. All such openings can be removed, or controlled so that only an authorized takeover is allowed.

New vision:

In the future, there will not be cables in the house. There will be a secure router at the cable end where it enters the house. Cell routers will emerge as cell capacity is expanded with revenue from cell TV/radio. Most if not all computers in the house will connect wirelessly to the cable or cell router. Desktop, laptop, TV and cell phone are equal devices; any device can be the master that controls the others. All TVs will have WiFi, so the cable or satellite control box is not needed. All TV and radio will be transmitted over the Internet or the phone company Line Layer Protocol as just additional streaming content. They will be original programming with commercials, like the original free over-the-air TV, except delivered over the Internet or the Line Layer Protocol. Full cell/WiFi Internet radio and TV will make the existing functions of cable and satellite TV and of FM/AM and satellite radio obsolete. Cell/WiFi Internet TV/radio will have commercials that the user can interact with. For traveling users, TV and radio stations will carry commercials for the local area as well as national ones. The commercials will also be tailored to the user based on the priorities the user selects. When a traveling user tunes into a national or international radio or TV station, the content will be the same regardless of where the user travels in the cell or WiFi network; the commercials will be both local and national, with local commercials based on the user’s location at the time they are presented. Users will be able to interact with commercials to ask for directions or even order a product.

Computers embedded in devices such as microwaves, automobiles, clocks and light fixtures will also have WiFi to the house router at the end of the cable, or to the cell router, and will be accessible via the Internet. Under this architecture they are registered and approved in the owner’s inventory like any other device.

Relationship vision:

All computers are basically the same. Input, process and output apply to all of them. A cell phone, a laptop, a desktop and an HD TV are all computers that are the same but slightly different. Likewise, all connections between computers are basically the same. Hardline, cell phone and WiFi connections are basically the same, only slightly different. All computers can use the same software and connect to any other computer through the network. Any type of connection on any device can allow communication with any other device through any other type of connection. All data communication rides on top of the voice network. Voice over IP is voice riding on IP, which in turn rides on the voice network. Today’s voice network is a computer network that routes voice that has been converted to bits, and computer bits, from any origin to any destination. Thus, IP is a data layer on top of the voice data network. The phone companies could implement a Line Layer Protocol that eliminates the need for the IP layer. That is, all devices present bits to the Line Layer, which routes them from entry point to exit point. For example, smart phones convert voice to bits. Really smart phones recognize words and convert them to their computer-readable value.

NOTE: This is a natural elaboration or expansion of the basic concept in the original 1987 “Operating Intelligent Network” invention disclosure. That paper described machine-to-machine network communication. It did not address comprehensive network management in detail. Other parts of this are a natural extension of the 1987 “Computer Shorthand” invention disclosure.

NOTE: This detailed structure and vision was initially written in 2005. The single logon concept was used in the IBM Information Network in 1985. It was lost when TCP/IP was adopted by all the commercial service providers. I advanced the renewed call for a single logon various times since 1996 in online forums and in requests sent to Microsoft, Yahoo and other ISPs. Parts of this detailed architecture were shared with Johan and Mykael Lourens in 2010. Part was shared with IBM in June of 2012. Part was shared with Merchant Customer Exchange on 12 September 2012.

Overview:

All users and businesses want improved security and ease of use. The government wants a method of displaying and preventing cyber attacks. Merchant Customer Exchange (MCX) is an effort by many merchants to implement a new mobile payment system. All networking parties have the same requirement for information about users and for authorization of interconnections. The requirements for mobile, wireless or hardline connections are the same as the requirements for any online transaction. Once a communication path is approved and established, it is just another online transaction session.

When user information is organized, the original or master copy resides on the user’s machine for users and in a business application for businesses. All access is granted based on contracts or approvals found in the user vault, the business application vault and the ISP vault. Some user information will reside in the network. The user vault performs a function similar to a combined Quicken vault and OpenID single logon. Both of those resemble the first single logon, delivered in the 1980s at the IBM Information Network, where a registration process set up the capability for machine-to-machine communication approval.

The user vault is a single place where users manage all their information. “All information” is much more than IDs, passwords, name and address. It contains everything about a user, including the date they were born and when they purchased their cell phone or car. It includes, but is not limited to, name, date of birth, VIN numbers and medications. Any and all information the user needs to keep track of is included in their vault. Because the vault concentrates so much in one place, it is also the most valuable target on the device; that is why it is encrypted and why its backup copy is released only after an approval process, as described below.

Record once, then share when appropriate.

Today, people must enter much of the same information each time they sign up for a new service. Users have entered the same information thousands of times. It could be recorded once and then shared when the user approves. A secure information vault enables a single registration and logon to old or new services.

NOTE: All information about people is already recorded in many places. The typical user does not have all their information recorded in one place. This process helps users organize and maintain all their information in a secure place. Once users have all their information recorded, they do not need to re-enter it, but can share parts of it when they choose.

- A secure vault along with the secure single logon concept makes all security authorization and reporting easier to implement. We know that existing registration processes are not adequate. The ISPs, businesses, users, the government, MCX, Quicken and single logon all require a comprehensive information vault for each user that includes detailed end-user identification and communication approval tables along with their single logon. Today’s OpenID is adequate for social sites and news outlets. It is not really adequate for financial and business activity. If OpenID were really good for financial use, it would be the preferred way for me to log on to BOA and other financial services.

- To be a valid business, financial and security tool, the single logon requires a complete, real registration process that is acceptable for all business and financial activity. To get an OpenID, I provide some basic, potentially fictitious information but not necessarily any verifiable business and financial information. Security needs a single logon registration process with legally acceptable identification and financial information.

Background:

Since the beginning of computer use, people have been concerned with revenue and security. As more people began to use computers, they also became concerned with ease of use. The original 1980 Electronic Customer Support business model and implementation addressed connectivity and transport. It did not specifically address network management issues like security, usability and revenue; those were implicit in the original physical architecture. This new architecture explicitly provides a simple structure to consolidate the network management functions.

You can’t have good security if you don’t know who is supposed to do what. This business model includes the registration of users in an integrated inventory that allows control and reporting. There are many isolated management structures today. They need to be integrated, just as the physical network components were integrated after the original architecture was introduced.

In 1980, the issues of networking presented a business opportunity that changed the world. There were millions of users on thousands of isolated networks. There was no structure to interconnect all the users, applications and networks. That is when the business model that led to the Internet was first written, to address that business opportunity.

Today the conditions are ripe for an Internet business model with integrated management functions that provides enhanced security, simplified usage and built-in revenue. Just as networks were isolated in 1980, today there are many isolated security and usability schemes generating differing revenue streams. There is a simple solution for today’s issues, just as there was a simple solution for the networking connectivity and transport issues in 1980.

If it’s a computer, it can be connected to the network. All sizes of computers are still just computers. A cell phone is just a smaller notebook, which is just a smaller laptop, which is a small portable desktop, which is just a smaller mainframe. They all work with zeros and ones. A large wall-mounted TV is just a larger version of the small screen in your cell phone. All the computers in your office, house or car are just computers that you could access from any other computer.

Any computer can do the same things that other computers can do. Your big-screen TV can be a cell phone. Both can be connected by cell, WiFi or hard wire. They can all use the same software. Any communication device can use any communication path or method. When cable is installed at a pole outside the house, the cable can be connected to a WiFi router, a cell router, or a cable into the house or business. That is, the cable does not need to run through walls to connect to a device.

We don’t need to run cable throughout a house or business. We only need to allow all devices to connect securely and wirelessly to the network to communicate with any other device on the network. TVs, printers, laptops, desktops and so on can all connect wirelessly.

Everything must be in the online inventory. In practice there are many distributed components of the inventory; it is just a matter of how and where things are included in the sub-components of the overall distributed inventory. Then it is a simple matter of who gets access, and when and how.

Who is allowed to do what?

Everything there is to know about people is already recorded in many places and delivered in many ways. However, it is not all recorded in one place for the user to access and control. When users organize their information in one secure place, they can control and share it as needed. They can define the connections that they approve. Users can’t have good security unless they know who is allowed to do what. That means good security requires good registration, directory and reporting.

There is great value in user information. When product providers know what people have been doing, they can make products to meet existing consumer demand. When they know what people plan to do, they can make better products to meet future demand. Better products at lower cost are good for everyone. Thus, people have an incentive to share the appropriate information. The sharing does not always need to include the user’s name or individual identifier. It can include just demographics, or it can, when appropriate and approved, include the user’s name.

Users can easily record all their information in their encrypted inventory database. The user must be known to their inventory database. They can be known by just an ID and password, and they can also be known by their voice or face, or by a one-time token password that is sent to the user.
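Two of the ways the paragraph above says a vault can know its user, an ID and password and a one-time token password sent to the user, as an added example using only the Python standard library (this is illustrative code written for this page, not the architecture’s own). Voice and face matching are outside what a few dozen lines can show. The PBKDF2 round count and the three-step acceptance window are illustrative choices; the password hashing and the RFC 4226 HOTP construction are standard.

```python
"""Added example (not the architecture's own code): how a vault can know its
user by an ID and password and by a one-time token password, using only the
Python standard library. The PBKDF2 round count and the accept window are
illustrative choices."""
import hashlib
import hmac
import os
import secrets
import struct

PBKDF2_ROUNDS = 200_000   # assumption: tune to the device's speed


def enroll(password: str) -> dict:
    """Create the vault's record of its owner. Only a salted hash of the
    password is stored, plus a secret for the one-time token."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest, "rounds": PBKDF2_ROUNDS,
            "otp_secret": secrets.token_bytes(20), "otp_counter": 0}


def verify_password(record: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["rounds"])
    # constant-time comparison, so timing does not leak how close a guess was
    return hmac.compare_digest(candidate, record["digest"])


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter,
    dynamically truncated to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def issue_token(record: dict) -> str:
    """The token that would be sent to the user (for example by text message)."""
    return hotp(record["otp_secret"], record["otp_counter"])


def verify_token(record: dict, token: str, window: int = 3) -> bool:
    """Accept the current counter or a few ahead (in case a message was lost),
    then advance past it so the same token can never be replayed."""
    for step in range(window):
        counter = record["otp_counter"] + step
        if hmac.compare_digest(hotp(record["otp_secret"], counter), token):
            record["otp_counter"] = counter + 1
            return True
    return False


def unlock(record: dict, password: str, token: str) -> bool:
    """Both factors must pass; the token is only consumed if the password is right."""
    return verify_password(record, password) and verify_token(record, token)
```

The order in `unlock` matters: checking the password first means an attacker who only intercepted a text message cannot burn the user’s token by guessing passwords, and a correct token is consumed once, so the same message cannot be replayed later.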

NOTE: The network does not make a person’s mind creative. People were creative before the online network, before the telephone and before the interstate highway system. Modern communication tools allow creative minds to share information faster. Creative freedom does not mean that people can do illegal things. It does not mean that people can invade the privacy of other people or take information about them that is not in the public domain. The advent of computers and their interconnections does present the opportunity to use computers in different ways. People can invent new ways to manage information.

When user and industry information is properly recorded electronically, it can be properly distributed. Users can enter the information once and share it as they approve. When this solution is fully in place, a new user can easily establish all their electronic communication relationships.

The new user simply signs up for the secure information database and enters their information once. Then they initiate the automatic activation of all their electronic communication connections.

Using automated registration for Standard security:
- The user’s secure inventory database imports the user’s favorites list and/or bookmarks.
- It talks with the master directory to find all of the user’s destinations that have set up their secure database.
- It communicates with each target and initiates the secure registration process.
- It displays each target application’s approval request with all appropriate information automatically filled in.
- The user selects “I approve” in the terms and conditions electronic approval box for each individual communication partner.
- The secure communication registration for all standard targets is then complete.
- ID and password maintenance in Standard security is performed automatically.
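The automated registration steps above, as an added example (illustrative code written for this page, not the architecture’s or its author’s software). The master directory entries, the vault contents and the bookmark list are constructed; the field names, the approval callback and the 24-character credential length are assumptions. It also shows the per-destination credential being generated at registration time, which is what makes the automatic ID and password maintenance in the last step possible and avoids reusing one password everywhere.

```python
"""Added example: automated Standard-security registration driven from the
user's bookmarks. The directory, vault and bookmarks are constructed data;
field names and the approval callback are assumptions."""
import secrets
import string
from urllib.parse import urlparse

# Constructed: destinations that have set up their secure database, with the
# real bit address bound to each and the fields its registration form asks for.
MASTER_DIRECTORY = {
    "shop.example.what": {"bit_address": "0x1a2b",
                          "fields": ["name", "email", "postal_code"]},
    "bank.example.what": {"bit_address": "0x3c4d",
                          "fields": ["name", "date_of_birth", "email"]},
}


def hosts_from_bookmarks(bookmarks):
    """Step 1: the destinations the user already visits."""
    hosts = {urlparse(url).hostname for url in bookmarks}
    return sorted(h for h in hosts if h)


def prefill(vault, fields):
    """Step 4: fill the target's form from the vault, sharing only the
    fields that target asks for and the vault actually holds."""
    return {f: vault[f] for f in fields if f in vault}


def new_credential(length=24):
    """A credential unique to one destination; the vault keeps it, the user never types it."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def register_all(vault, bookmarks, approve):
    """Steps 2 to 7. `approve(host, form)` is the user's 'I approve' decision
    for each communication partner; it is shown exactly what would be shared."""
    registrations, skipped = {}, []
    for host in hosts_from_bookmarks(bookmarks):
        entry = MASTER_DIRECTORY.get(host)          # step 2: master directory lookup
        if entry is None:
            skipped.append((host, "no secure database"))
            continue
        form = prefill(vault, entry["fields"])      # steps 3 and 4
        if not approve(host, form):                 # step 5
            skipped.append((host, "not approved by user"))
            continue
        registrations[host] = {                      # steps 6 and 7
            "bit_address": entry["bit_address"],
            "shared": form,
            "user_id": vault["email"],
            "password": new_credential(),
        }
    return registrations, skipped
```

Two properties worth noticing: the destination only ever receives the fields it asked for, even though the vault holds far more, and each registration gets its own random credential, so a breach at one destination does not expose the user anywhere else.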

E-Wallet using Standard security can be included in the user’s Standard security online setup if the destination has an online E-Wallet activation box:
- The user clicks to activate E-Wallet and accepts the terms and conditions.
- The destination application sends a setup approval form to the cell phone.
- The user selects the approval box on the cell phone.
- Standard security E-Wallet setup is complete for the user’s communication with that company’s cell phone or WiFi connections.

When a person walks into a new store, they can simply press a couple of buttons on their phone to activate their secure ID and E-Wallet with that new store. They don’t have to re-enter all the registration information for every new store they go into. Users don’t need different applications for each store.

Within a few months of general availability, stores will put up signs announcing that they use Secure ID and will ask their customers to sign up. That will replace their more expensive efforts to get customers to sign up for the store’s demographics tracking.

Within a few years of general availability, paper-based sales at the cash register will have been cut in half. Most people will use their Secure ID and E-Wallet for all their point-of-sale and online transactions.

If a user finds a new site online, they simply select the link to activate the secure ID connection with that new trading partner. They don’t have to re-enter all the registration information for every new destination.

Users must be able to trust the destinations. That means that all businesses must also be completely registered. Before a user approves a trading partner entry, the user must be able to read the business’s registration information. The user and the business each have one real bit value address that is identified in the registration and in the trading partner approval.

When a person purchases something, other businesses like to know so they can sell their competing products. When we dine at one place, other places want to know what we ate. Even the grocery stores want to know what we ate. They want to sell us their products, and they want to know why we did not purchase in their store.

That is a snapshot of the process. It is defined in more detail later. There are three levels of security:
- Basic security,
- Standard security,
- Top security.

All three require the same registration, inventory, security and reporting services.

NOTE: A site can allow unregistered people to access the site for viewing only. When properly set up, view-only access is securely separated from the controlled-access areas.

There are automatic registration processes for both Standard and Top security. All three levels have manual registration processes.

Users control their inventory database. It is encrypted on the user’s device and can be loaded onto a portable device. A secure, encrypted online copy is maintained by the user’s ISP. If the user needs the backup copy, it can be accessed and downloaded by the user after the user passes the backup retrieval approval process.

When any application is running on a user’s machine, the user’s inventory knows. NO application is allowed to run without approval from the user’s inventory database. Things like cookies are not needed and can be eliminated. A potential substitute is an indicator that the user’s machine maintains in the user’s inventory database. The user can view and/or delete the substitute. A business does not have access to the cookie substitute unless the user allows their inventory to share the information with the business.
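The application approval rule in this paragraph, together with the operating-system rules under “Cyber attack display and prevention” above, as one added example (illustrative code written for this page, not the architecture’s own). The inventory records a hash of each approved application’s installed code, so a modified copy is no longer “the existing installed code”; an email or file can only ask for a registered viewer to display it; anything unregistered goes to the device owner with a warning. Application names, file types, the code bytes and the prompt callback are assumptions.

```python
"""Added example: an execution gate backed by the user's inventory.
Registered applications run only if their code still matches the registered
copy; email or file content can only request display by a registered viewer;
anything else is put to the device owner. Names and code are constructed."""
import hashlib


def code_digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


class Inventory:
    def __init__(self, ask_owner):
        self.registered = {}   # app name -> (sha256 of installed code, file types it displays)
        self.ask_owner = ask_owner   # shows the owner a warning, returns True/False
        self.log = []          # what ran, what asked, what was refused

    def register(self, name: str, code: bytes, handles=()):
        """Owner-approved installation: record the code exactly as approved."""
        self.registered[name] = (code_digest(code), frozenset(handles))

    def request_run(self, name: str, code: bytes, requested_by: str = "user") -> str:
        """Decide whether `code` may run as application `name`."""
        known = self.registered.get(name)
        if known is None:
            # rule: always warn that something is asking to run or be installed
            if self.ask_owner(f"{requested_by} asks to install and run {name!r}"):
                self.register(name, code)
                decision = "installed"
            else:
                decision = "denied: not approved by owner"
        elif known[0] != code_digest(code):
            # rule: only the resident, installed code may execute
            decision = "denied: code differs from the registered copy"
        else:
            decision = "run"
        self.log.append((requested_by, name, decision))
        return decision

    def request_open(self, file_type: str, sender: str):
        """An email or file may only ask an installed application to display it;
        it never gets to execute anything itself. Returns the viewer name or None."""
        viewers = [n for n, (_, types) in self.registered.items() if file_type in types]
        if not viewers:
            self.log.append((sender, file_type, "denied: no registered viewer"))
            return None
        self.log.append((sender, file_type, f"display via {viewers[0]}"))
        return viewers[0]
```

Note that `request_open` has no path that executes the content: the only thing an attachment can obtain is the name of an already-registered viewer, which is the page’s rule that a file may only ask an installed application to display it.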

The user’s secure inventory database should have management screens that your grandparents can easily understand. It must allow users to control the sharing of their current and past activity related to purchases, viewing or navigation on both the electronic highway and the concrete highway. It must allow the user to enter information about things they are considering purchasing or doing on either highway in the future.

Demographics data inside and across ISP operational directories can be sold in two forms:
- Each ISP can sell the data generated on its service.
- Each ISP can sell advertisements in its image of the directory.

This is a base service that will make other services easier or possible. For example, the secure ID directory makes the secure E-Wallet possible. The idea of the E-Wallet was defined in 1996. That disclosure described the need for a single device that can be the user’s cell phone, e-wallet, access to their smart house and all other PDA applications: one device to open the garage door and turn up the heat after paying for groceries on the same device. It will also control the TV and home entertainment. Those things need the secure ID vault to really work.

This process levels or equalizes the Internet. All applications are equally easy to access. Businesses or users can have a single site without the need to duplicate portions on several different platforms or supplier sites. For example, parents can have a family site with kid pages and simple, secure parental control over access for any family member or friend.

All users and application owners should enter their directory information and be able to update their directory easily as needed. Users need to establish their communication partner approvals in the directory. A typical communication partner should not change anything on another user’s computer. That means the application is not allowed to add cookies or make any other change to the user’s machine. The doors for the remote finger must be closed.

The entry transport ISP communicates with the user’s directory vault to establish the entry connection and allow transport to approved destinations. The entry transport ISP’s records and reports of user activity can be displayed as appropriately needed. Sharing some of the report data is of value to users: it allows advertisers to match information to appropriate users, which allows lower product costs.

All users and application owners identify what information will be public and what will be shared exclusively. All information labeled as public will be in an open or public directory.

Typical application owners want a significant public entry. There is a free basic entry and levels of fee-based entries. There is a user-controlled directory search and sort capability. The free directory search and sort is prioritized by the user. A fee-based directory display appears in a side bar and is ordered by the fees paid to advertise.

All applications are equal. There is no hierarchy with one being a focal point or having control over others.

All public directory entries include the user’s shorthand name and real bit address. That is, “don@myplace.what” has its bit value in the next field. When users or application owners approve communication partners in their vault, the shorthand name and the real bit value are included in the user’s and the application owner’s communication partner lists. The real bit address and shorthand name are compared in the user’s vault and in the ISP entry portal vault. This reduces the ability to make phony shorthand names to fool users or directories. The communication partner entries include an identification of what the communication partner is allowed to do.
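The name-to-address comparison described here, as an added example (illustrative code written for this page, not the architecture’s own). Two independent copies of the binding are consulted, the user’s vault and the ISP entry portal’s, and a connection is allowed only when both bind the presented shorthand name to the presented bit address and both approve the requested action. The names, addresses and actions are constructed; normalizing the shorthand with NFKC and case folding is an assumption about how the directory would treat differently spelled copies of one name.

```python
"""Added example: the (shorthand name, real bit address) binding checked in
both the user's vault and the ISP entry-portal vault, with the partner's
approved actions. Names, addresses and actions are constructed data."""
import unicodedata


def normalize(shorthand: str) -> str:
    """Fold case and Unicode compatibility forms (fullwidth letters and the like)
    so that the same name spelled differently is one entry. Anything that still
    does not match is simply unknown, which fails closed."""
    return unicodedata.normalize("NFKC", shorthand).casefold()


class PartnerList:
    """One copy of the approved communication partner table."""

    def __init__(self):
        self.entries = {}   # normalized shorthand -> (real bit address, allowed actions)

    def approve(self, shorthand: str, bit_address: str, allowed):
        self.entries[normalize(shorthand)] = (bit_address, frozenset(allowed))

    def lookup(self, shorthand: str):
        return self.entries.get(normalize(shorthand))


def authorize(user_vault: PartnerList, isp_vault: PartnerList,
              shorthand: str, bit_address: str, action: str):
    """Return (allowed, reasons). Every copy must bind the presented name to the
    presented address and must list the action; each failure is reported
    separately so the user and the ISP can see which copy disagreed."""
    reasons = []
    for where, table in (("user vault", user_vault), ("ISP portal", isp_vault)):
        entry = table.lookup(shorthand)
        if entry is None:
            reasons.append(f"{where}: no entry for {shorthand!r}")
            continue
        bound_address, allowed = entry
        if bound_address != bit_address:
            reasons.append(f"{where}: {shorthand!r} is bound to {bound_address}, "
                           f"not {bit_address}")
        elif action not in allowed:
            reasons.append(f"{where}: {action!r} is not approved for {shorthand!r}")
    return (not reasons, reasons)
```

A phony entry has to get past both copies: a familiar-looking name presented with a different bit address fails in both, and a name whose binding was altered in only one copy fails with a reason that points at the copy that disagrees, which is the signal worth alerting on.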

Business Model

Simple “any to any, when authorized” access is the business driver. The original 1980 business model drove the activity to get the “any to any” interconnections. This model drives the “easy when authorized” part. People want easy but secure access to information about products as well as about friends and family. People know that ease of use can compete with security and confidentiality.

There are two aspects to the business model:
- Commercial services,
- Social services.

When users have easier, safe and confidential access, they will use more services and more willingly share information with businesses. That will result in better targeted marketing, which reduces advertising cost.

User control of access to their individual social site equalizes the network and liberates people. They can have individual social sites that are easily accessed by anyone the user approves.

Businesses want information about user behavior, which can translate to revenue and sales. Businesses and users both have an interest in keeping some things confidential. Although user and business information is being recorded electronically, they have a right to limit electronic distribution of that information.

Business and consumers want lower cost:

Both consumers and businesses benefit from wider distribution of information. When companies know more about consumers, they can make better products to fit consumer demand. When consumers know more about products, they consume more of the best price-performing products. Information sharing benefits consumers and businesses by enabling lower cost to manufacture, sell and purchase.

User perspective

Nobody does anything anonymously on the network. All of your information is already recorded in many places. Each time you sign up for a new service, you must re-enter the same information. You could record it once in your secure vault. Then, when you sign up for a new service, you don’t get another ID and password; your secure vault handles that for you.

You like social networking but don’t like losing control over how your information is used. With the secure vault, you can have your own social network site on any service provider, seamlessly linked to your friends’ and family’s social sites. You can easily control who gets to see various parts of your site. Nobody uses your name to push marketing to other people unless you choose to allow them to do that. You push your connection only to the people you select.

You can be in the public directory or you can keep your entry private.

With the secure vault, you can use the highest level of Internet security. You can prevent the use of cookies, which removes a tracking mechanism that sites otherwise place on your machine without your control. Combined with the rule that no application runs without the inventory’s approval, that also narrows the paths by which unwanted spyware or malicious code can infect your machine.

Users can easily change their own trending product or service interest areas in the directory. That allows paid advertisers to be prioritized based on the user’s trending interests. If a user does not create or change their trend interests, an email can be sent to the user explaining the benefit of updating them.

Project mission:

The purpose of this process is:
- to enhance security and simplify tasks performed by users and service providers,
- to provide optimum information management and delivery for users and service providers,
- to enable users to control communication partner authorization tables.

Which will:

- increase users’ access to more business and social destinations because it is easier,
- increase business sales because of simplified user registration,
- provide revenue to the directory and security vault operators and transport ISPs,
- flatten the network to equalize applications.

The Problem:

Users seek ways to simplify the complexities of using an ever-growing number of online services, while businesses and individuals seek greater security to protect confidential data. Businesses seek more information about users, while users and businesses seek ways of maintaining privacy.

The first rule about IDs and passwords is: DO NOT write the ID or password on anything. That means that almost all users are violating the first rule for every ID and password they have. The second rule of passwords is to make them unique for each destination. Typical users have dozens if not hundreds of destinations and reuse the same passwords. That means the typical user is also violating the second rule. Very secure destinations require passwords to be changed on a regular basis. Some even require a token device, or send text messages with single-use passwords.

It is very difficult to know the truth about how safe a trading partner really is. The more information you can find out about a business, the safer you are when you agree to do business with it.

Background:

The internet does not exist just for users convenient access to information and to do social networking or just to facilitate business. The Internet exists because of the need and cost benefit from the electronic collection and sharing of information. The original business model says: ”Anything that can be recorded electronically can be delivered electronically and any user can share information with any other users when authorized.” Those two concepts: any to any, when authorized were originated in 1980 when the Internet Business Model was created. The Internet Protocol that was globally adopted in the mid 1990s does a good job of transport but does not adequately include the required global interconnected: - registration, - directory, - reporting and - security services to limit access to be only when authorized by users and service providers.

The Internet is somewhat like the Wild Wild West or a potluck buffet in the park. Although the Internet Services Providers deliver well defined interconnected global network transport services, there is a myriad of disconnected user directory information and security schemas. The directory and security services are basically disconnected today as the networks were in 1980.

Although some people think there is privacy, that is not true. The Internet is a massive dynamic distributed database that includes information about users.

Information sharing benefit:

Users and business benefit from sharing information about each other. The cost to deliver products to users is reduced when business has better information about users. The task of finding products is simplified when users have better information about business. Information is power and money. The biggest cost of the Internet is the access and backbone transport. Some of the biggest revenue of the Internet is captured by some destination application providers who give away low cost host services but sell demographics and usage data about users. They also sell advertisements to users.

Solution:

The solution is Secure Intelligent Internet Access vaults that contain registration, directory, reporting, and security services. The vaults reside on the end points and in the Internet Service Provider transport access entry point (aka at the telephone company entry point). The management of trading or communication partner access authorization is performed by the users and the ISP access point.

The vaults at the telephone company entry access ISPs will have the most comprehensive user demographics data. Users can authorize and manage the sharing or sale of that information on an individual basis. This is accomplished through a comprehensive ISP entry registration process. The registration feeds the comprehensive uniform directory. Usage data is uniformly recorded. The authorization to communicate is managed based on the communication partner defined approvals. Various reports show the usage activity. Entry point ISPs are capable of sharing the various information when appropriate. The ISPs can sell the demographics and other appropriate data to reduce the cost of a simplified and more secure network.

After a simple registration, users will have a single Internet ENTRY ID that is tied to all authorized target applications and services through a secure vault. Three levels of security are defined:
- Basic - vault,
- Standard - intelligent data sharing linked vault, and
- Top security - standard intelligent vault and smart phone token image and voice matching.

For all three levels of security, the users select a secure bookmark or favorite. The secure favorite vault passes the ID and password to the destination. For basic security, code resides at the user desk and at the Internet Access Service Provider. For standard and top security, additional code resides at the destination.

NOTE: A site can allow unregistered people to access the site for viewing only. When properly set up, the view-only access user is securely separated from controlled access areas.

Secure ID allows an automatic connection between a user's mobile device and a store's fixed device. Any device can hear other devices that come close. A store has WiFi that any computer can talk to after they log on. With Secure ID, the user can simply walk into the store's WiFi range and there is an automatic logon to do approved business if they have previously agreed. The agreement can be store chain wide or store specific. The agreement can be tied to the store's frequent buyer demographic "nuisance" card.

Cell E-wallet uses secure ID vault app components on the user's cell phone that communicate with secure ID app components on the store Point of Sale machine. The Cell E-wallet takes the place of credit and debit cards. Cell E-wallet works in conjunction with existing credit, debit and demographics services that use secure ID and Cell E-wallet. The demographics cards are nuisance cards because a person can have dozens of the cards. E-Wallet eliminates the many by replacing them with one E-Card for demographics and store discounts. One cell phone app serves as all of the user's credit cards, debit cards and in-store demographics and discount cards. The user's phone Cell E-wallet app communicates with the store counterpart to easily sign up for the store demographics card. No forms to fill out. Just select OK on the E-wallet.

The Cell E-wallet app also receives a complete store receipt with each item listed. The E-receipt can be loaded into a user's money management tool such as Quicken or QuickBooks if they sign up to use the Secure ID and E-wallet apps.

Upon entering a store, the store can be allowed to do push marketing to the user. The user can sign up to allow their E-wallet to communicate with the store and alert the user to in-store coupons for store specials and advertised items. Typical e-coupon programs are not as successful as they could be because they don't push the coupon at the correct time. Cell E-wallet allows the user to sign up for push marketing when they enter the store.

E-wallet push marketing uses the user's trending product or service interest setting to prioritize the in-store advertisements.

E-Wallet connection requires a closed door function:

Today, computers are set up with open doors that allow remote takeover. That was not always easily done. It took design changes to allow easy remote viewing and remote control. I refer to this as closing the remote finger door. In the mid 1980's, the IBM Information Network had to send a person to its remote locations when a Transmission Control Unit needed to have the reset button pushed. That caused two problems. It was a cost to send a person to the location and it was a significant service disruption until the reset button was physically pushed. I suggested an electronic remote finger. A real key depression or command in Tampa sent an electronic signal to the remote TCU that electronically pressed the button. To do that required an electronic door that was only to be opened with proper approval. A few years later, we implemented a similar and larger process using IBM's Remote Screen Viewing Support Facility when it first came out. That required significant code on the viewer and the viewed machine to not only enable the process but to also address security to limit access to be only when approved.

All the open door capability must be closed on all machines to a security process that only allows approved remote fingers to take over. That is accomplished in part with Secure ID’s communication partner approval lists. It is supported with a trace process on each machine that records and reports all details of the remote finger activity. Most if not all remote finger or robot activity should be approved by an actual local physical finger approval. The request should be displayed in clear words that grandparents understand. It should define the existing fit in the communication partner tables as well as the details of the requestor affiliation and identification in the master directory.

Blocking unwanted code in email or files:

Local applications must be in the list of approved entities that can take over the machine to do unlimited code execution. There must be limits on what any form of E-Mail can do with respect to running a machine. Generic E-Mail includes texts, instant messages or whatever form a file is received in. It is convenient to allow email to execute some code to display some things.

It must never be possible for a key depression while viewing an email to let the email application, a linked site or included code take over and do unlimited execution on a machine. A physical key depression in an email should inform the user that an unexpected executable code function has been requested by code that is included in the E-Mail. A substitute for executable code in an email is to allow the email to request execution of approved code that already exists on the user's machine, for example when an email needs Adobe player. The depression of a key in an email does not allow code to be loaded and executed. It can only allow a call to a small set of approved code that exists on the user's machine. It does cause a request to the user and a check against the user's approved trading partner and code approval list. The user must know of all attempts or requests to load and execute any code.

A key depression in an email, text message or any just-received file:
- must not allow a call to execute code that is in the email, text message or file.
- can allow a call that asks the user to invoke known resident installed code to inspect and load code from a file or email.
- can call existing code that displays content in the email or file.
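The closed door rule just described, together with the communication partner approval list and trace process from the "remote finger" discussion above, as an added Python example that is not code from the original page or from any Secure ID product. The message fields, the shape of the approval lists, the action names and the sample addresses are all assumptions constructed for the example.

```python
# Added example, not code from the original page or any Secure ID product.
# It models the page's "closed door" rule: a key press in an email, text or
# file may never run code carried in the message; it may only ask for one of a
# small set of approved resident applications, the requester must be on the
# user's communication partner approval list, the user must approve a plain
# words request locally, and every attempt is traced whether allowed or not.
# All names, fields and sample data below are constructed assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional

# Approved resident applications: the only things a message may ask to run.
# (Constructed sample: action name -> installed program and what it needs.)
APPROVED_RESIDENT_APPS: Dict[str, dict] = {
    "view_pdf": {"program": "installed PDF viewer", "needs_attachment": True},
    "view_image": {"program": "installed image viewer", "needs_attachment": True},
}

# Communication partner approval list kept in the user's vault. (Constructed sample.)
APPROVED_PARTNERS: Dict[str, dict] = {
    "billing@utility.example": {"name": "Example Utility billing",
                                "allowed_actions": {"view_pdf"}},
}


@dataclass
class IncomingMessage:
    """An email, text message or just-received file, reduced to what the gate needs."""
    sender: str
    requested_action: str                 # what the key press in the message asks for
    attachment_name: Optional[str] = None
    embedded_code: Optional[str] = None   # script or macro carried inside the message


@dataclass
class Decision:
    allowed: bool
    reason: str
    program: Optional[str] = None         # resident program that may now be invoked


@dataclass
class ClosedDoorGate:
    resident_apps: Dict[str, dict]
    partners: Dict[str, dict]
    ask_user: Callable[[str], bool]       # stands in for the local physical key press
    trace: List[dict] = field(default_factory=list)

    def handle(self, msg: IncomingMessage) -> Decision:
        # Rule 1: code carried in the message is never executed, whoever sent it.
        if msg.embedded_code is not None:
            return self._finish(msg, Decision(False, "message carries executable content; it will not be run"))
        # Rule 2: only a small set of approved resident applications may be called.
        app = self.resident_apps.get(msg.requested_action)
        if app is None:
            return self._finish(msg, Decision(False, f"'{msg.requested_action}' is not an approved resident application"))
        if app["needs_attachment"] and msg.attachment_name is None:
            return self._finish(msg, Decision(False, "request names no file to display"))
        # Rule 3: the requester must fit the user's communication partner approval list.
        partner = self.partners.get(msg.sender)
        if partner is None:
            return self._finish(msg, Decision(False, "sender is not a registered communication partner"))
        if msg.requested_action not in partner["allowed_actions"]:
            return self._finish(msg, Decision(False, "partner is not approved for this action"))
        # Rule 4: the user sees the request in plain words and must approve it locally.
        prompt = (f"{partner['name']} ({msg.sender}) asks to open '{msg.attachment_name}' "
                  f"with your {app['program']}. Allow this?")
        if not self.ask_user(prompt):
            return self._finish(msg, Decision(False, "user declined"))
        return self._finish(msg, Decision(True, "approved partner, approved program, user approved", app["program"]))

    def _finish(self, msg: IncomingMessage, decision: Decision) -> Decision:
        # Every attempt, allowed or not, is recorded so the user can see all requests.
        self.trace.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "sender": msg.sender,
            "action": msg.requested_action,
            "allowed": decision.allowed,
            "reason": decision.reason,
        })
        return decision


def demo() -> List[Decision]:
    """Run four constructed messages through the gate and return the decisions."""
    gate = ClosedDoorGate(APPROVED_RESIDENT_APPS, APPROVED_PARTNERS, ask_user=lambda prompt: True)
    messages = [
        IncomingMessage("billing@utility.example", "view_pdf", attachment_name="bill.pdf"),
        IncomingMessage("billing@utility.example", "view_pdf", attachment_name="bill.pdf",
                        embedded_code="<script>...</script>"),
        IncomingMessage("stranger@unknown.example", "view_pdf", attachment_name="offer.pdf"),
        IncomingMessage("billing@utility.example", "run_installer", attachment_name="setup.exe"),
    ]
    return [gate.handle(m) for m in messages]


if __name__ == "__main__":
    for d in demo():
        print("ALLOW" if d.allowed else "DENY ", "-", d.reason)
```

Only the first constructed message passes all four checks; the trace shows the other three as denied requests the user can review.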

Extended services:

Once Secure ID inventory is going, additional processes will be possible.

FOR EXAMPLE: Medical information can be included in the individual's inventory. When doctors and patients are linked in the inventory, prescriptions can easily be recorded electronically and sent to the patient's drug provider and insurance company. This extension can use both the Internet and cell phone capability.

NOTE: Not all past medical information needs to be recorded. Information about today and any subsequent information is recorded. If a user or business desires or requires past information, they could pay the cost of entering historical information.

NOTE: Medical information is just one example of extended services. Anything that can be recorded electronically can be conducted electronically.

Registration Overview:

The user accesses the Secure ID main site then completes the initial registration and accepts the terms and conditions. Then the user downloads and installs the Secure ID vault code. The initial registration information is already filled in when the user first enters the vault. The user completes the directory and inventory activity. Then the user selects done to complete the registration in the master directory and activate their Secure ID vault.

Secure target application access is enabled after the Secure ID code has been installed on the user's desk and the user has activated their Secure ID.
- For basic security, the user can enter the target application ID and password using one of two processes.
- For standard and enhanced security, the user must be in session with the target application.
- Top security includes the use of smart phones as token devices with voice and image recognition.

Standard security flow initial setup overview

This applies to all existing or new registrations to target applications that have been updated to use Secure ID.
- The user has already completed the registration and activated their Secure ID.
- The target application owner has activated their Secure ID vault.
- The user enters the Secure ID setup process and selects automatic registration to all Standard security Secure ID targets.
- Secure ID imports the user's favorite list and/or bookmarks.
- Secure ID talks with the master directory to find all destinations that have installed Secure ID and that match the user's favorite list.
- Secure ID communicates with each target and initiates the Secure ID registration process.
- Secure ID displays each target application's approval request with all appropriate information automatically filled in. The user selects "I approve" on the terms and conditions electronic approval box for each individual communication partner.
- Secure ID for all Standard targets is complete.
- ID and password maintenance in Standard security is automatically performed by the user's and the target application's Secure ID vaults.

E-Wallet using Standard Security
- E-Wallet setup can be included in the user's Standard security online setup if the destination has an online E-Wallet activation box.
  - The user clicks to activate E-Wallet and accepts the terms and conditions.
  - The destination application sends a setup approval form to the cell phone.
  - The user selects the approval box on the cell phone.
  - Standard security E-Wallet setup is complete for the user's communication with that company's cell phone or WiFi connections.
- The user could activate E-Wallet in each store where they want to use E-Wallet.
  - When in the store, the user selects activate E-Wallet.
  - The same Standard security automatic process is completed as above.
- ID and password maintenance in Standard security is automatically performed by the user's and the target application's Secure ID vaults.

Alternate/manual Standard security process.
- The user has already completed the registration and activated their Secure ID.
- The target application owner has activated their Secure ID vault.
- The user selects their Secure ID app.
- The user accesses the target application by selecting the favorite or any other way.
- On the target application, the user selects activate Secure ID logon.
  - The user's machine and the target machine talk and set up the initial Secure ID communication partner registration.
  - The user's machine displays the target application approval request with all appropriate information automatically filled in. The user selects "I approve" on the terms and conditions electronic approval box.
- Secure ID for that target is complete.
- ID and password maintenance in Standard security is automatically performed by the user's and the target application's Secure ID vaults.

Top Security flow initial setup overview

This applies to all existing or new registration to target applications that have updated to use Secure ID.

Standard and Top security can be activated at the same time. They are basically the same except that Top Security has additional activity.

For Top security, the Secure ID vaults on the user's side and the destination application exchange Top security registration and tests.
- The user's Secure ID vault displays a Top Security approval notice asking the user to approve transmission of the request to the Top security destination.
- The user selects yes to send the Top Security request.
- The destination application sends a one-time code to the user's cell phone.
- The user enters the one-time code.
- Top security access has been approved for the associated activity.

Additional or future Top Security can include the combined use of a camera, audio device and touch screen to verify the identity of the user. It could even verify that the user is known and alive.

E-Wallet using Top Security
- E-Wallet can also employ a combination of the Top security activity defined for online activity.

Alternate/manual Top security process.
- The manual Top security initiation process is the same as the Standard security initiation.
- The additional Top security steps are performed.

Basic security flow initial setup overview

Since people will want to begin using the basic functions of Secure ID before all destinations have the host code, the basic process is provided.
- The user has already completed the registration and activated their Secure ID.
- To use Secure ID, the user must log onto the machine or to Secure ID.
- The user selects the Secure ID app.
- The user enters a destination address or selects a link to import bookmarks or favorites.
- The user enters the destination ID and password.
- All ID and password maintenance in basic security is manually performed by the user.

Once the Secure ID vault is populated with basic destinations, the user selects the secure ID list just as they would for any other favorite or bookmark. The ID and password is passed to the destination.

Alternate path to populate the vault destination data. After initial registration, users click on existing bookmarks or favorites. In the registration tool, the user selects add secure destination approval. Then the user enters the destination ID and password. After all the destination IDs and passwords are entered in the secure vault, the user simply selects the secure destination favorite. The secure vault sends the ID and password to the destination.

For new destinations, the vault can communicate with the destination to select the ID and password.

Individual Registration form:

Short sample:

- p - Name
- 1,3 - email address
- p - my web page, social network site, ...
- 1,2 - dob
- 1,2 - sex
- 2 - race
- 1 - address (include GPS field)
- 3 - second home address
- 1,2 - Cell Phone
- ... and so on and on
- pet 1, pet 2, parents, Grandparents, kids, Primary Doctor information, ... and so on, to include all things that are recorded electronically and that people need to know and share.

It is one place to record all contact information for people including name, phone, address, birthday, and so on. This list will include the approved favorites and E-wallet partner information.

Parental control is basically the same as a business administrator's control over employee authorization:

Parental control allows the family administrator to determine the security settings for a family member. The administrator can give blanket control to a family member or they can control some or all of the family member's settings. This gives parents control over child access.

This list includes all the information the company needs for Secure ID vault communication with users.

Mobile solution:

NOTE: this information was shared with MCX (Merchant Customer Exchange).

- A cell phone is just a small computer. Any transaction using any computer is equal to any other transaction. For every item that is sold to the mobile user, there are hundreds of transactions that occur. Those transactions use other devices not limited to desktop, laptop and mobile devices.

- Move a portion of the merchant payment code to the customer computer or smart phone. Code can run on either device and do basically the same activity. The smart phone can communicate with the merchant computer that communicates with the Payment Card Processing service. The consumer receives the complete itemized bill on their device. The consumer reviews the bill and selects their payment method. The selection process is like the one on the merchant's physical device. The consumer moves their finger to simulate sliding the selected card through the electronic card reader. The consumer device sends the information to the payment system.

- It would be best to allow the smart phone to communicate with the Payment Card Processing service either through the cell network or through the merchant's store. Two smart phones can be held close and communicate. The same process could be used to allow a smart phone and a point of sale card reader to communicate.

- If the merchant has WiFi in the store, and if the consumer has a smart phone with WiFi, and if the two are authorized to communicate and know each other, they can do payment processing and much more.

- They can do Consumer Loyalty Card with automatic registration. The communication between the merchant and consumer can begin when the consumer enters the store. The consumer can sign up for loyalty discounts to be pushed to their smart phone when they enter the store.

- The MCX single logon concept can make the mobile solutions easier to implement. However, the existing single logon information vault is not adequate. MCX needs a comprehensive information vault for each user that includes user financial information along with their single logon. Today's OpenID is adequate for social sites and news outlets. It is not really adequate for financial and business activity. If OpenID was really good for financial use, it would be the preferred way for me to log on to BOA and other financial services.

- To be a valid business and financial tool, the single logon requires a complete real registration process that is acceptable for all business and financial activity. To get an open ID, I provide some basic potentially fictitious information but not necessarily any verifiable business and financial information. MCX solutions need a single logon registration process with legally acceptable identification and financial information.

- An MCX mobile transaction will electronically share debit or credit card information. The MCX single logon initial registration is where the user's debit or credit card information needs to be recorded. Once the user completes the initial secure ID registration, it is easy to link the merchant's and customer's financial inventory vaults. They can install a limited portion of the payment card processing application on their mobile or stationary device. Applications like Quicken can have the payment code installed and allow both mobile and stationary activity. Quicken is an early example of a secure financial single logon or OpenID. I participated in getting the first Single Logon going on the IBM Information Network in the 1980s.

- Merchants and their customers have many other communication partners with business and financial information from every transaction. Paying taxes or getting insurance and yard sales are part of the total trading partner exchange activity.

- A total solution will address situations like the purchase of a TV and the registration of the serial number with the manufacturer.

- Initial registration in the MCX user's vault includes but is not limited to:
  - name, address, DOB,
  - SSN,
  - copy of driver license with photo,
  - recent passport type photo for facial recognition (may apply for future or top level security),
  - more...
  - future registration may include smart phone voice and fingerprint recognition.

- Advertisement effectiveness use, measurement, and validation process. When a person interacts with an advertisement on their network device, the advertiser knows the advertisement was viewed and the advertiser knows of the viewer action. The viewer could ask for more information about the product or the user could inform the advertiser that the advertisement is not good. Business likes the real time feedback. Advertisement agencies prefer aloha advertisements that go out but are not actually measurable.

THE WAY payment card processing IS:

When I swipe my card at point of sale, my physical card goes through a merchant's physical card reader. The application on the merchant computer communicates with the Payment Card Processing service.

THE NEW payment card processing WAY:

Move a portion of the merchant payment code to the customer computer or smart phone. Code can run on either device and do basically the same activity. The smart phone can communicate with the merchant computer that communicates with the Payment Card Processing service. The consumer receives the complete itemized bill on their device. The consumer reviews the bill and selects their payment method. The selection process is like the one on the merchant's physical device. The consumer moves their finger to simulate sliding the selected card through the electronic card reader. The consumer device sends the information to the payment system.

The thought process to define this solution is the same thought process I used over 20 years ago. I was making a presentation to people from the financial industry. They said that bad checks were a huge problem and they needed a way to verify that the person had money in their account. I said that they already had a process that works. Simply use the basic process they use for the credit card process to do check approval and clearing. There was discussion and agreement that it would work. They went back and developed the debit card. In the past and today, I defined a new solution that uses a portion of an existing proven process.

I have been an advocate of the Electronic Wallet for many years. In 1996 I described the concept of a Personal Digital Assistant with e-wallet, cell phone and unlimited applications. It was ahead of its time. Today, e-wallet is overdue but there have been problems holding it back. It is a logical step in the complete Electronic Customer Support concept.

It would be best to allow the smart phone to communicate with the Payment Card Processing service either through the cell network or through the merchant's store. Two smart phones can be held close and communicate. The same process could be used to allow a smart phone and a point of sale card reader to communicate.

Many uses of Smart Phone WiFi to merchant WiFi:

If the merchant has WiFi in the store, and if the consumer has a smart phone with WiFi, and if the two are authorized to communicate and know each other, they can do payment processing and much more. They can do Consumer Loyalty Card with automatic registration. The communication between the merchant and consumer can begin when the consumer enters the store. The consumer can sign up for loyalty discounts to be pushed to their smart phone when they enter the store.

Enter information once, then owners share it as they approve:

Today, people must enter the same information many times. OpenID helps address some of that duplicate entry activity. However, to be a valid business and financial tool, the single logon requires a complete real registration process that is acceptable for all business and financial activity. To get an OpenID, I provide some basic potentially fictitious information but not necessarily any verifiable business and financial information. Mobile solutions need a single logon registration process with legally acceptable identification and financial information.

MCX Vault for user business and financial information:

An MCX transaction will electronically share debit or credit card information. The single logon initial registration is where the user's debit or credit card information needs to be recorded. Once the user completes the initial secure ID registration, it is easy to link the merchant's and customer's financial inventory vaults. They can install a limited portion of the payment card processing application on their mobile or stationary device. Applications like Quicken can have the payment code installed and allow both mobile and stationary activity. Quicken is an early example of a secure financial single logon or OpenID. I participated in getting the first Single Logon going on the IBM Information Network in the 1980s.

MCX transactions are part of total trading partner activity:

Merchants and their customers have many other communication partners with business and financial information from every transaction. Paying taxes or getting insurance and yard sales are part of the total trading partner exchange activity. A total solution will address situations like the purchase of a TV and the registration of the serial number with the manufacturer. The management of the information is the pivotal part of a simple yet comprehensive total solution.

A total Merchant Customer Exchange is more than E-wallet transactions and information. It is part of a simple updated electronic customer support architecture and Business Model. The original Architecture and Business Model that brought about the Internet was to address the problem of the thousands of separate networks. An updated architecture and business model is one with a comprehensive interconnected information management process to support a total any to any, when authorized Business Exchange Model that includes e-wallet as a component. In fact, e-wallet is a simple extension to a comprehensive enhanced Internet based mobile architecture that includes a formal structure for Security, Ease of Use and revenue generation.

The MCX secure vault single logon requirements could be fed to the OpenID process. They could have the existing basic OpenID and the enhanced MCX business and financial medium and top level secure ID process.

MCX is more than purchases.

A complete MCX architecture includes methods of allowing merchants to know that consumers are making purchases as a result of properly placed advertisements. Consumers benefit when they inform merchants of existing and future purchase interests. When watching a show on cable, there is no real feedback about the advertisements' effectiveness. When watching the same show online, the advertiser knows that one set of eyes saw the advertisement. The consumer could choose today's interest areas, which results in advertisements that meet the consumer's needs today.

Online advertisements can include a coupon selection opportunity. The consumer can click on the coupon selection button and have the coupon stored in their secure ID vault. People could see an advertisement and select to get more information or even order the product and have it mailed. All with just a few clicks, without logging on again or entering the same information again.

Neutral physical network and neutral network management:

The original architecture was to have a Neutral physical network that made all users equally capable of communication when authorized. There must be Neutral network management. We don’t want one provider to lock in the users to their process. Each network site must be an equally valid standalone network location without requiring users to go to a current popular site to find or like the information. Business should be able to maintain their own site on any ISP without the need for duplicate sites.

A person must be able to use the same tools to conduct transactions with all merchants and other trading partners. Point of sale is not limited to physical stores. Online merchants or trading partners are part of the solution. Mobile devices are simply smaller online devices with batteries and wireless communication. The MCX solution begins with the basics of online transactions. Today, the basics of online transactions needs a simple information management improvement that makes the mobile transaction solutions easier to implement. The mobile part can be an almost automatic or an inherent part of enhanced basic online MCX process.

Just in time Marketing.

Just in time Marketing is a natural extension of just in time production. We have items in stores because people want to see and touch the stuff. We have online sales that cost less because the item is made to order or it is in a warehouse instead of a high price space in a store. Combining the two gives a third option. Stores have one of each item or model. People see and touch, then order. It comes from the same warehouse as online purchases. Or, it is made to order. That is using the "Just In Time" production process for "Just in Time Marketing".

Historical information:

In 1980, the issues of the networking presented a business opportunity that changed the world. There were millions of users on thousands of isolated networks. There was no structure to interconnect all the users, applications, and networks. That is when the Business Model that led to the Internet was first written to address the business opportunity.

In 1988, IBM helped develop a new Internet Protocol to interconnect networks based on requirements from people like Kahn and Cerf. In an article called "What Is The Internet (And What Makes It Work) - December, 1999 By Robert E. Kahn and Vinton G. Cerf" they write: "For a long time, the federal government did not allow organizations to connect to the Internet to carry out commercial activities. By 1988, it was becoming apparent, however, that the Internet's growth and use in the business sector might be seriously inhibited by this restriction."

The 1988 requirements were primarily for connectivity and transport to replace a closed Internet that was open to government uses. Once a government user was on the pre 1988 Internet, they could do anything. On the post 1998 Internet, it was unofficially open to business. Issues like Security, Ease of Use and revenue evolved from initially extremely poor to today's ad hoc or hodgepodge environment. Today, there is a business opportunity to address.

In 1985, three years before the government 1988 requirement, the IBM Information Network (IBM/IN) had implemented the IBM Electronic Customer Support Business Model that was the first plan to establish the interconnection of the whole ad hoc hodgepodge of disconnected networks. The IBM/IN Business Model was what Kahn and Cerf referred to when they said the Internet could not compete in the business sector.

Today, most companies have an Internet Business Model for using the existing Internet. In 1980, the Business Model to create the interconnection of all networks was written. It was in place in the IBM/IN by 1985.

The original IBM/IN Business Model that was adopted by the Internet developers in 1988, was to establish the inter-connection of all networks. It did not include a formal structure for Security, Ease of Use and revenue generation.

Today the conditions are ripe for an Internet Business Model with Enhanced Security, Simplified Usage and Revenue built in. Just as networks were isolated in 1980, today there are many isolated security and usability schemes generating differing revenue streams. There is a simple solution for today’s issues, just as there was a simple solution for the networking connectivity and transport issues in 1980.

Pages from the 1984 IBM Information Network, Network Services Marketing Guide are available online. That guide describes the Electronic Customer Support Architecture and Strategy which became the IBM Global Network Architecture and Strategy and is now the original Internet Business Model.

In 1983, when IBM first introduced the business model to interconnect all networks, the idea had to be sold. Thus the need for a marketing guide. The basis for the marketing activity was to help customers understand that anything that can be recorded electronically can be delivered electronically. In 1980, IBM had over 33 separate isolated internal networks. IBM had thousands of customers with one or more isolated networks. Software support at the time worked like this:

- IBM would do software problem determination and print a dump.
- Then go back to the branch and do more PD.
- Then download a tape through one of IBM’s networks.
- Then drive to the customer location to install the fix.

The solution was to improve IBM's and its customers' productivity and satisfaction through electronic delivery of fixes and other IBM customer support, in phases:

- First, connect IBM customers to IBM’s network for Electronic Support.
- Also connect IBM suppliers for electronic order activity.
- Second, once IBM customers and suppliers were connected to IBM’s network for Electronic Business with IBM, there was virtually free capability to do Electronic Business with their business partners.
- Next was to allow individual consumers to do electronic business with all companies.
- The last phase was to enable people like you and me to do electronic communication with friends and family.

That concept was in place in 1988 when the Internet developers adopted the IBM Information Network Business Model. That was a Unifying Connectivity and Transport Business Model. Today there is an opportunity for a Unifying Security, Usability, and Revenue Business Model.